
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 09/878,536
FILING DATE: 06/11/2001
FIRST NAMED INVENTOR: Paul Patrick
ATTORNEY DOCKET NO.: BEAS-01084US0 SRM/KFK
CONFIRMATION NO.: 4065

23910 7590 04/19/2006

FLIESLER MEYER, LLP
FOUR EMBARCADERO CENTER
SUITE 400
SAN FRANCISCO, CA 94111

EXAMINER: PICH, PONNOREAY
ART UNIT: 2135
PAPER NUMBER:
DATE MAILED: 04/19/2006

Please find below and/or attached an Office communication concerning this application or proceeding.

PTO-90C (Rev. 10/03)



Office Action Summary

Application No.: 09/878,536
Applicant(s): PATRICK, PAUL
Examiner: Ponnoreay Pich
Art Unit: 2135

-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --

Period for Reply



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 03 February 2006.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-41 is/are pending in the application.
4a) Of the above claim(s) ____ is/are withdrawn from consideration.
5) [ ] Claim(s) ____ is/are allowed.
6) [X] Claim(s) 1-41 is/are rejected.
7) [ ] Claim(s) ____ is/are objected to.
8) [ ] Claim(s) ____ are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.
10) [X] The drawing(s) filed on 11 June 2001 is/are: a) [ ] accepted or b) [X] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:
1. [ ] Certified copies of the priority documents have been received.
2. [ ] Certified copies of the priority documents have been received in Application No. ____.
3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s)

1) [ ] Notice of References Cited (PTO-892)
2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) [X] Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08), Paper No(s)/Mail Date 2/2006.
4) [ ] Interview Summary (PTO-413), Paper No(s)/Mail Date ____.
5) [ ] Notice of Informal Patent Application (PTO-152)
6) [ ] Other: ____.

U.S. Patent and Trademark Office
PTOL-326 (Rev. 7-05) Office Action Summary Part of Paper No./Mail Date 04052006



Application/Control Number: 09/878,536

Art Unit: 2135 

DETAILED ACTION 

A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
2/3/2006 has been entered. 

Claims 1-41 are pending. Claims 40-41 were newly added. 

Information Disclosure Statement 

Applicant's IDS submitted on 2/3/2006 has been considered. 

Response to Amendment and Arguments 

Applicant's amendments have been noted. Applicant's arguments directed 
towards the amended claims have been noted, but are moot in view of new grounds of 
rejections presented below. The new rejections are in response to applicant's 
amendments. Any objections or rejections not repeated below for record are withdrawn 
due to applicant's amendments and/or arguments. Any well known art statements not 
specifically traversed by applicant in the prior office actions are taken as admittance of 
prior art as per MPEP 2144.03. 

The examiner notes that the essence of applicant's arguments directed towards 
the Devine reference used in the prior office action was that Devine did not teach 
callbacks, callback handlers, use of context information or application containers as 
currently recited in the amended claims. Applicant made these arguments based on
what is disclosed in applicant's specification. However, applicant is reminded that
although the claims are interpreted in light of the specification, limitations from the 
specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 
USPQ2d 1057 (Fed. Cir. 1993). In examining these amended claims, the examiner will 
examine the claims in light of the specification. However, the examiner will not limit the 
claims by what is disclosed in the specification but not recited in the claims. The 
examiner further notes that applicant's specification does not define the following
terms which applicant argues were not disclosed by Devine: callbacks, callback
handlers, context information, and application containers. In examining the claims the 
examiner will interpret the terms using the broadest, reasonable meaning possible in 
light of what is disclosed in the specification, what is known in the art, and the context of 
what is recited in the claims. 

The examiner further notes that the arguments applicant set forth to explain why 
the prior art does not teach certain limitations only addressed what applicant believed 
Devine does not teach. Applicant is reminded that one cannot show nonobviousness by 
attacking references individually where the rejections are based on combinations of 
references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & 
Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 

Drawings 

Figure 1 should be designated by a legend such as -Prior Art- because only 
that which is old is illustrated. See MPEP § 608.02(g). Corrected drawings in 
compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid
abandonment of the application. The replacement sheet(s) should be labeled
"Replacement Sheet" in the page header (as per 37 CFR 1.84(c)) so as not to obstruct 
any portion of the drawing figures. If the changes are not accepted by the examiner, the 
applicant will be notified and informed of any required corrective action in the next Office 
action. The objection to the drawings will not be held in abeyance. 

On page 1, paragraph 4 and page 8, paragraph 22, applicant discloses what is 
shown in figure 1 as being prior art. 

Specification 

The use of trademarks has been noted in this application, i.e. Java, Enterprise 
Java Bean, WebApp, etc. The trademarks should be capitalized wherever they appear 
and be accompanied by the generic terminology, see MPEP 608.01. 

Although the use of trademarks is permissible in patent applications, the 
proprietary nature of the marks should be respected and every effort made to prevent 
their use in any manner which might adversely affect their validity as trademarks. 

Claim Objections 

Claims 16, 33, and 36 are objected to because of the following informalities: In 
claims 16 and 33, "plug in" should instead be "plug-in". In claim 36, there should be a 
comma after "permitted" in line 2 and "determines" should be "determine". Appropriate 
correction is required. 



Claim Rejections - 35 USC § 112

The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly
claiming the subject matter which the applicant regards as his invention.

Claims 1-41 are rejected under 35 U.S.C. 112, second paragraph, as being
indefinite for failing to particularly point out and distinctly claim the subject matter which
applicant regards as the invention.

1. Claim 1 and its dependent claims recite "the protected application or resource",
which lacks antecedent basis. Note in lines 1-2 of claim 1 "a protected resource
or application" was recited. It is unclear if the protected resource later recited is
the same as the resource recited in lines 1-2 and if the application later recited is
the same as the protected application recited in lines 1-2 or if applicant is
referring to separate resources and applications, one wherein the resource is
protected and one wherein the application is protected.

2. Claim 1 recites "a security service" in line 6 and line 9. This implies there being 
two security services. It is unclear to which security service is being referred 
when claim 1 and its dependent claims later recite "the security service"— the one 
in line 6 or line 9 of claim 1.

3. Claim 1 recites "an application container" in lines 2-3 and claim 2 recites "an
application container". This implies two application containers. Claims 3 and 4,
which depend on claim 2, recite "the application container". It is unclear to
which application container is being referred in claims 3 and 4.

4. Claim 1 recites "the security providers" in line 11, which lacks antecedent basis.
It is unclear if "the security providers" refers back to the "plurality of security
providers" recited in the previous line.

5. Claim 1 recites in lines 6-8 "wherein the client makes the access request on the 
application container, and the application container calls the security service with 
the access request". What is recited therein does not appear to further limit the 
claim in any manner by further defining the security system of claim 1. The
language appears to merely recite intended use for the client and the application 
container, neither of which are part of the security system. It is unclear if 
applicant meant for this to be the case. Clarification by applicant is respectfully 
requested. 

6. Claims 3 and 20 contain the trademark/trade name "Enterprise Java Bean". 
Where a trademark or trade name is used in a claim as a limitation to identify or 
describe a particular material or product, the claim does not comply with the 
requirements of 35 U.S.C. 112, second paragraph. See Ex parte Simpson, 218 
USPQ 1020 (Bd. App. 1982). The claim scope is uncertain since the trademark 
or trade name cannot be used properly to identify any particular material or 
product. A trademark or trade name is used to identify a source of goods, and 
not the goods themselves. Thus, a trademark or trade name does not identify or 
describe the goods associated with the trademark or trade name. The use of the 
trademark or trade name renders the claim(s) indefinite. Note that Java by itself 
is also trademarked by Sun Microsystems.

7. Claims 4 and 21 contain the trademark "WebApp", a registered trademark of the
Data Access Corporation. As noted above, use of trademarks in a claim renders 
the claim indefinite. 

8. Claims 14 and 21 contain the trademark "Java J2EE", a registered trademark of 
Sun Microsystems. As noted above, use of trademarks in a claim renders the 
claim indefinite. 

9. In claim 6, it is recited that the contributory decisions are combined, see line 3. 
However, claim 5, from which claim 6 depends, only discloses a single
contributory decision. It is unclear how there is more than one contributory 
decision in claim 6. 

10. Claims 7 and 24 recite "the access decision mechanisms", which lacks 
antecedent basis. Note that the claims from which these claims depend recite 
instead "a plurality of access decision mechanism". It is unclear if applicant 
meant for these two phrases to be equivalent. 

11. Claims 9-11 and 26-28 recite "the access decision mechanisms", which lacks
antecedent basis. Note that claim 5 from which these claims depend instead
recites "a plurality of access decision mechanisms". It is unclear if applicant
meant for the two phrases to be equivalent.

12. Claim 18 recites "a protected application" in line 1 and in line 3. Claim 18 and its
dependent claims later recite "the protected application". It is unclear to which
protected application is being referred by "the protected application", the one in
line 1 of claim 18 or in line 3.

13. Claim 18 recites "the application" in line 2, which lacks antecedent basis.
Applicant may have meant "the protected application".

14. Claim 18 recites "a client" in line 1 and in line 3. Later, "the client" is recited. It is 
unclear to which client "the client" refers back to, the one in line 1 or the one in 
line 3. 

15. Claim 19 recites "the application interface mechanism", which lacks antecedent 
basis. 

16. Claim 19 recites "an application container". Claim 18, which claim 19 depends 
from also recites "an application container". It is unclear to which application 
container later dependent claims are referring when they recite "the application 
container", the one recited in claim 18 or the one recited in claim 19. 

17. Claim 29 recites "the plurality of access requests", which lacks antecedent basis. 

18. Claim 33 recites "the resource interface" which lacks antecedent basis. 

19. Claim 34 recites "the protected resource", which lacks antecedent basis. 

20. Claim 35 recites "the security providers" in line 7, which lacks antecedent basis. It 
is unclear if "the security providers" are meant to refer back to "a plurality of 
security providers" recited in the previous line. 

21. Claim 36 recites entitlements which also determine a type of access available to 
a user of the protected resource. It is unclear if the entitlements being referred to 
in claim 36 are user entitlements which were recited in claim 35 or other types of 
entitlements. 

22. Any claims not specifically addressed are rejected by virtue of dependency.

Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 1-17 and 40-41 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. 

Claim 1 is directed towards a security system comprising an application interface 
mechanism, a security service, and a resource interface. These components of the 
security system can be implemented via software alone, thus claim 1 is directed 
towards software per se, which is not statutory. Applicant must recite in the claim at 
least one component as part of the security system that is disclosed in applicant's 
specification that is at least partly hardware (and does not have a purely software 
equivalent) for claim 1 to be statutory. Claims 2-17 and 40-41 are dependent on claim 1 
and also are directed towards software per se. Amending claim 1 to be statutory would 
also make claims 2-17 and 20-41 statutory. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 



(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-2, 5-19, and 22-41 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Wiederhold (US 6,226,745) in view of Devine et al (US 6,606,708)
and further in view of Blewett (US 5,551,040).

Claims 1 and 18:

As per claim 1, Wiederhold discloses:

1. An application interface mechanism for receiving an access request from a client
to access the protected application or resource, and communicating the access 
request to a security service (col 4, lines 56-58), wherein the client makes the 
access request on the application container, and the application container calls 
the security service with the access request (Fig 2 and col 6, lines 51-52). Note 
that an "application container" or "container" is known in the art as software 
designed for a specific platform. In Wiederhold's invention, the security service, 
i.e. security mediator, is a computing module (col 3, lines 37-41). One of 
ordinary skill should appreciate that because the security service comprises
software, a client/user would need an application interface mechanism which
uses application containers to send access requests to the security service.

2. A security service, i.e. security mediator and security officer, for making a
decision to permit or deny the access request (col 5, lines 1-10 and col 6, lines
58-67), wherein the security service includes a plurality of security providers that
may be plugged into the security service (col 4, lines 7-13 and col 5, lines 34-51),
and wherein depending on the output from each security provider the security
service determines the entitlements for the client to use with the protected
application or resource (col 6, lines 11-21 and col 8, lines 1-8).

3. A resource interface for communicating permitted access requests to the
protected application or resource (col 4, lines 49-55 and Fig 2).

Wiederhold does not disclose the application container calling the security 
service with a callback handler. Wiederhold does not explicitly disclose the security 
providers use the callback handler to request context information from the application 
container for the access request. Note that applicant's specification discloses that 
context information is typically utilized as values or parameters in an expression that is 
to be evaluated by a rules or expression evaluation engine (p14, paragraph 45). The 
term "context information" itself, however, was never defined in applicant's specification. 
The examiner believes the broadest, reasonable meaning for context information in light
of what is disclosed in the specification is that it is any values or parameters used in an
expression that is to be evaluated by a rules or expression evaluation engine.

Devine discloses a client/user making a request for a resource using a GUI 
interface (col 2, lines 55-65). Devine discloses security providers using a GUI interface 
to request context information from an application container, i.e. web browser, for an 
access request (Fig 6 and col 3, lines 18-32). Blewett discloses that most modern GUI 
systems use the callback programming style (abstract). At the time applicant's 
invention was made, it would have been obvious to one of ordinary skill in the art to 
modify Wiederhold's invention such that the client/user made an access request using a
GUI based application interface mechanism in light of Devine's teachings. One of
ordinary skill would have been motivated to do so because a GUI interface allows for an
easy and convenient access from the user's perspective (Devine: col 2, lines 60-65).
Devine's teaching of a GUI interface would make Wiederhold's system more user
friendly. It would have been obvious to one of ordinary skill in the art to utilize a
callback programming style within Wiederhold and Devine's combination invention to
implement a GUI interface because most modern GUI systems use a callback
programming style (Blewett: abstract). One of ordinary skill should appreciate from
Blewett's teachings that in Devine's invention where a GUI interface is used to request
context information from an application container, that the security provider would use
a callback handler to do the requesting since most modern GUI systems utilize callbacks
and callback handlers.

Claim 18 is substantially similar to claim 1 and is rejected for substantially the
same reasons. The difference is that claim 18 is directed towards a method
implemented by the system of claim 1.

Claims 2 and 19:

Wiederhold further implicitly discloses the application interface mechanism 
includes an application container for reading an application deployment description and 
registering the application deployment description within the security service (col 3, lines 
37-46). 

Claims 5 and 22:

Wiederhold further discloses the security service includes a plurality of access
decision mechanisms for: 

1. Defining an access policy via a plurality of access decision mechanisms within
the security service (col 3, lines 37-45; fig 3, item 100; and fig 4, item 200). 

2. Determining at each access decision mechanism a contributory decision to 
permit, deny, or abstain from said access request (col 5, 1st paragraph).

The examiner has interpreted "access decision mechanisms" as broadly as 
reasonable to include any rule, procedure, device, data structure, or function that is 
used by the security service to define an access policy.

Claims 6 and 23:

Wiederhold further discloses transferring via the access controller, the access
request to the plurality of access decision mechanisms, and combining contributory
decisions into an overall decision by the security service to permit or deny the access
request (col 3, lines 37-64).

Claims 7 and 24:

Wiederhold further discloses the contributory access decision mechanisms 
represent a business function related access policy (col 3, lines 37-64 and col 5, lines 
11-16). Note that applicant's specification does not define what is a business function. 
Any function can be a business function.

Claims 8 and 25:

Wiederhold further discloses access decisions may be added to the security
service to reflect changes in the access policy (col 5, lines 34-41).

Claims 9 and 26:

Wiederhold further discloses the access decision mechanisms are used to define
entitlements for the client to access the protected resource (col 4, last paragraph).

Claims 10 and 27:

Wiederhold further discloses a deny or abstain by any one of the access decision
mechanisms causes the security service to deny the access request (col 5, 1st
paragraph and col 6, lines 5-10).

Claims 11 and 28:

Wiederhold further discloses an abstain by any one of the decision mechanisms
does not cause the security service to deny the access request (col 5, 1st paragraph).

Claims 12 and 29:

Wiederhold further discloses auditing via an audit mechanism the determinations
of the plurality of access requests (col 5, last paragraph and col 6, lines 1-2).

Claims 13 and 30:

Wiederhold further discloses passing requests via an interface mechanism to or
from a protected resource (col 5, lines 28-31 and col 5, lines 56-61).

Claims 14 and 31:

Wiederhold does not disclose wherein the interface mechanism includes a Java 
J2EE security interface. However, Java J2EE security interfaces were well known in 
the art at the time applicant's invention was made. It would have been obvious to one
of ordinary skill to further modify Wiederhold's invention such that the interface
mechanism includes a Java J2EE security interface because it would make the
invention more flexible in terms of scalability.

Claims 15 and 32:

Wiederhold discloses the interface mechanism includes a security provider 
interface (col 4, last paragraph). 

The examiner has interpreted a "security provider interface" as any mechanism 
which allows a user or application to access the resource in a secure manner. In the case
of Wiederhold's invention, the security service itself is the security provider interface as
it filters the results of an access query to disclose only the parts of a secure resource
that a user or application has proper entitlement to have.

Claims 16 and 33:

Wiederhold does not disclose the interface mechanism is included as a plug-in in
the resource interface. However, use of plug-ins was well known in the art at the time
applicant's invention was made. It would have been obvious to one of ordinary skill in
the art at the time of the applicant's invention to further modify Wiederhold's invention
so that the interface mechanism is included as a plug-in in the resource interface as
doing so would increase the scalability of the invention. For example, if one was to
implement the invention using Java and as a web application, Java itself is a plug-in for
various web browsers; therefore any interface mechanism employed using Java would
be a plug-in. Note Devine discloses that his invention uses Java and Java applets (col
3, lines 3-8).

Claims 17 and 34:

Wiederhold further discloses making a decision on whether to permit or deny a 
response to the access request from the protected resource to the client (col 4, last 
paragraph).

Claim 40:

Wiederhold further discloses wherein entitlements comprise at least one of
business logic and functionality entitlements (col 4, lines 42-48 and col 9, lines 5-15).

Claim 41:

Wiederhold further discloses wherein context information comprises at least one 
of the identity of the protected resource or application, one or more values of access 
request parameters and network or internet protocol address of the client (col 8, lines 
16-22).

Claim 35:

Wiederhold discloses:

1. Receiving an access request from a user application to access a protected
resource, by invoking a security service with the access request (Fig 2; col 3,
lines 22-26; and col 4, last paragraph).

2. Determining user entitlements to access the protected resource (col 3, lines 37-45),
wherein the determining includes polling a plurality of security providers that
may be plugged into the security service (col 4, lines 7-14; col 5, lines 34-51; and
col 6, lines 5-10).

3. Making a decision at the security service based on the user entitlements to
permit or deny the access request (col 5, 1st paragraph).

4. And the steps of either: 

a. Communicating a permitted access request to the protected resource (col
5, 1st paragraph), or

b. Denying a denied access request to the protected resource (col 5, 1st
paragraph).

Wiederhold does not disclose the invoking of a security service uses a callback.
Wiederhold does not disclose wherein the security providers use a callback handler to 
request context information from an application container for the access request. 
However, these limitations are substantially similar to the limitations discussed in claims 
1 and 18 as being disclosed by Devine and Blewett. 

At the time applicant's invention was made, it would have been obvious to one of 
ordinary skill in the art to modify Wiederhold's invention according to the limitations 
recited in claim 35 in light of Devine and Blewett's teachings. One of ordinary skill would have
been motivated to incorporate Devine and Blewett's teachings within Wiederhold's
invention for the same reasons given in claims 1 and 18.

Claim 36:

Wiederhold does not explicitly disclose if the access request is permitted,
entitlements also determine a type of access available to a user of the protected
resource. However the examiner asserts that the limitation is well known in the art of
security. Further, Wiederhold discloses that existing security technologies are used to
define who has access to what, how, and when (col 4, lines 7-14).

At the time applicant's invention was made, it would have been obvious to one of 
ordinary skill in the art to further modify Wiederhold's invention according to the 
limitations recited in claim 36. One of ordinary skill would have been motivated to do so 
because it would allow the system to more precisely control access to a resource.

Claim 37:

Wiederhold further discloses the type of access includes any of view, modify, 
delete, or copy, any part or all of the protected resource (col 6, lines 19-32). View, 
modify, delete, or copy, any part or all of a resource are the types of functions normally 
performed on a resource when performing database queries.

Claim 38:

Wiederhold further discloses user entitlements can be communicated from a first
security realm to a second security realm (col 5, 1st paragraph). The examiner has
interpreted a security realm as any individual portion of the overall system. In this case, 
the security mediator, security officer, protected resource, and client are all separate 
security realms.

Claim 39:

Wiederhold further discloses additional information from a first security realm can
be used to modify the user entitlements, prior to communicating information about the
user entitlement from the first security realm to the second security realm (col 5, 1st
paragraph).

Claims 3-4 and 20-21 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Wiederhold (US 6,226,745) in view of Devine et al (US 6,606,708) and Blewett (US
5,551,040) and further in view of javaworld.com.

Claims 3 and 20:

Wiederhold does not disclose said application container is an Enterprise Java 
Bean container. However, javaworld.com discloses that one of the advantages of using 
an Enterprise Java Bean as a container is that an application would have almost 
transparent scalability (EJB advantages, item 3). As Wiederhold discloses that his/her 
invention could be used in a variety of environments from insurance companies, 
hospitals, and a military setting, it would be obvious to one of ordinary skill in the art at 
the time of the applicant's invention to use an Enterprise Java Bean container as this 
would allow the combination invention of Wiederhold and Devine to be scaled 
appropriately and easily for whatever type of environment it needs to operate.

Claims 4 and 21:

Wiederhold does not disclose said application container is a WebApp container. 
The examiner has interpreted WebApp to be the same thing as a web or Internet 
application and a WebApp container as a container which uses or runs on the web or 
Internet. Given that it would have been obvious to one of ordinary skill in the art at the 
time of the applicant's invention to use Java technology in Wiederhold's modified
invention (as discussed in claims 3 and 20) because of the advantages disclosed by
javaworld.com (EJB advantages), it would also have been obvious that the application 
container can also be a WebApp container as Java is platform independent and 
commonly used in web or Internet based applications. Wiederhold discloses that his 
invention can be used by groups of people not normally found close together such as a 
hospital staff with an insurance company staff. It would have been obvious to use the 
Internet as a medium for sharing information and data between the various user groups. 
Since the Internet is used as the communication medium, it would be obvious to use a 
WebApp as the application container in Wiederhold's modified invention to ensure
proper data privacy between the various groups as seen in Fig. 1 of Wiederhold.

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ponnoreay Pich whose telephone number is 571-272-7962.
The examiner can normally be reached on 9:00am-4:30pm Mon-Fri.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Ponnoreay Pich 
Examiner 
Art Unit 2135